version: '2.1'
services:
- name: kube-apiserver
  disable: false
  endpoints:
  - name: APISERVER_ENDPOINTS
    protocol: 
    port: 6442
  health:
    name: kube-apiserver
    model: http
    address: http://127.0.0.1:8181/version
    time_interval: 5
    max_errors_num: 3
  after:
    - docker
  type: simple
  pre_start: docker rm kube-apiserver
  start: >-
    docker run
    --privileged
    --restart=always
    --net=host
    --name kube-apiserver
    --volume=/opt/rainbond/etc/kubernetes:/opt/rainbond/etc/kubernetes
    goodrain.me/{{ kube_apiserver_image }}
    --insecure-bind-address=127.0.0.1
    --insecure-port=8181
    --secure-port=6442
    --advertise-address={{ master_access_address }} --bind-address={{ master_access_address }}
    --etcd-servers=${ETCD_ENDPOINTS}
    --enable-admission-plugins=ServiceAccount,NamespaceLifecycle,LimitRanger,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
    --authorization-mode=Node,RBAC
    --runtime-config=rbac.authorization.k8s.io/v1beta1
    --enable-bootstrap-token-auth
    --token-auth-file=/opt/rainbond/etc/kubernetes/kubecfg/token.csv
    --tls-cert-file=/opt/rainbond/etc/kubernetes/ssl/kubernetes.pem
    --tls-private-key-file=/opt/rainbond/etc/kubernetes/ssl/kubernetes-key.pem
    --client-ca-file=/opt/rainbond/etc/kubernetes/ssl/ca.pem
    --service-account-key-file=/opt/rainbond/etc/kubernetes/ssl/ca-key.pem
    --logtostderr=true
    --service-cluster-ip-range={{ service_cidr }}
  stop: docker stop kube-apiserver
  restart_policy: always
  restart_sec: 10

- name: kube-scheduler
  health:
    name: kube-scheduler
    model: tcp
    address: 127.0.0.1:10251
    max_errors_num: 3
    time_interval: 5
  after:
    - docker
  type: simple
  pre_start: docker rm kube-scheduler
  start: >-
    docker run
    --privileged
    --restart=always
    --net=host
    --name kube-scheduler
    --volume=/opt/rainbond/etc/kubernetes:/opt/rainbond/etc/kubernetes
    goodrain.me/{{ kube_scheduler_image }}
    --logtostderr=true
    --v=2
    --master=127.0.0.1:8181
    --address=127.0.0.1
    --leader-elect=true
  stop: docker stop kube-scheduler
  restart_policy: always
  restart_sec: 10

- name: kube-controller-manager
  endpoints:
  - name: CONTROLLER_MANAGER_ENDPOINTS
    protocol:
    port: 10252
  health:
    name: kube-controller-manager
    model: tcp
    address: 127.0.0.1:10252
    time_interval: 5
    max_errors_num: 3
  after:
    - docker
  type: simple
  pre_start: docker rm kube-controller-manager
  start: >-
    docker run
    --privileged
    --restart=always
    --net=host
    --name kube-controller-manager
    --volume=/opt/rainbond/etc/kubernetes:/opt/rainbond/etc/kubernetes
    goodrain.me/{{ kube_controller_manager_image }}
    --master=127.0.0.1:8181
    --pod-eviction-timeout=3m0s
    --leader-elect=true
    --logtostderr=true
    --address=127.0.0.1
    --v=4
    --cluster-name=kubernetes
    --cluster-signing-cert-file=/opt/rainbond/etc/kubernetes/ssl/ca.pem
    --cluster-signing-key-file=/opt/rainbond/etc/kubernetes/ssl/ca-key.pem
    --service-account-private-key-file=/opt/rainbond/etc/kubernetes/ssl/ca-key.pem
    --root-ca-file=/opt/rainbond/etc/kubernetes/ssl/ca.pem
    --service-cluster-ip-range={{ service_cidr }} 
    --cluster-cidr={{ pod_cidr }}
  stop: docker stop kube-controller-manager
  restart_policy: always
  restart_sec: 10